Examples with OAuth2AccessToken org.springframework.security.oauth2.core.OAuth2AccessToken used on opensource projects

Example 41 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AdminController method enhance.

private Collection<OAuth2AccessToken> enhance(Collection<OAuth2AccessToken> tokens) {
    Collection<OAuth2AccessToken> result = new ArrayList<OAuth2AccessToken>();
    for (OAuth2AccessToken prototype : tokens) {
        DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(prototype);
        OAuth2Authentication authentication = tokenStore.readAuthentication(token);
        if (authentication == null) {
            continue;
        }
        String clientId = authentication.getOAuth2Request().getClientId();
        if (clientId != null) {
            Map<String, Object> map = new HashMap<String, Object>(token.getAdditionalInformation());
            map.put("client_id", clientId);
            token.setAdditionalInformation(map);
            result.add(token);
        }
    }
    return result;
}

Example 42 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AdminEndpointsTests method testRevokeTokenByUser.

@Test
@OAuth2ContextConfiguration(ResourceOwnerWriteOnly.class)
public void testRevokeTokenByUser() throws Exception {
    OAuth2AccessToken token = context.getAccessToken();
    String tokenValueBeforeDeletion = token.getValue();
    HttpHeaders headers = new HttpHeaders();
    headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
    HttpEntity<?> request = new HttpEntity<Void>(headers);
    assertEquals(HttpStatus.NO_CONTENT, serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/sparklr2/oauth/users/{user}/tokens/{token}"), HttpMethod.DELETE, request, Void.class, "marissa", token.getValue()).getStatusCode());
    try {
        // The request above will delete the oauth token so that the next request will initially fail. However,
        // the failure will be detected and a new access token will be obtained.  The new access token
        // only has "write" scope and the requested resource needs "read" scope.  So, an insufficient_scope
        // exception should be thrown.
        ResponseEntity<String> result = serverRunning.getForString("/sparklr2/oauth/clients/my-client-with-registered-redirect/users/marissa/tokens", headers);
        fail("Should have thrown an exception");
        assertNotNull(result);
    } catch (InsufficientScopeException ex) {
        assertEquals(HttpStatus.FORBIDDEN.value(), ex.getHttpErrorCode());
        assertEquals("insufficient_scope", ex.getOAuth2ErrorCode());
        String secondTokenWithWriteOnlyScope = context.getOAuth2ClientContext().getAccessToken().getValue();
        assertNotNull(secondTokenWithWriteOnlyScope);
        assertFalse(secondTokenWithWriteOnlyScope.equals(tokenValueBeforeDeletion));
    }
}

Example 43 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AuthorizationCodeProviderTests method setupAccessTokenProvider.

@BeforeOAuth2Context
public void setupAccessTokenProvider() {
    accessTokenProvider = new AuthorizationCodeAccessTokenProvider() {

        private ResponseExtractor<OAuth2AccessToken> extractor = super.getResponseExtractor();

        private ResponseExtractor<ResponseEntity<Void>> authExtractor = super.getAuthorizationResponseExtractor();

        private ResponseErrorHandler errorHandler = super.getResponseErrorHandler();

        @Override
        protected ResponseErrorHandler getResponseErrorHandler() {
            return new DefaultResponseErrorHandler() {

                public void handleError(ClientHttpResponse response) throws IOException {
                    response.getHeaders();
                    response.getStatusCode();
                    tokenEndpointResponse = response;
                    errorHandler.handleError(response);
                }
            };
        }

        @Override
        protected ResponseExtractor<OAuth2AccessToken> getResponseExtractor() {
            return new ResponseExtractor<OAuth2AccessToken>() {

                public OAuth2AccessToken extractData(ClientHttpResponse response) throws IOException {
                    response.getHeaders();
                    response.getStatusCode();
                    tokenEndpointResponse = response;
                    return extractor.extractData(response);
                }
            };
        }

        @Override
        protected ResponseExtractor<ResponseEntity<Void>> getAuthorizationResponseExtractor() {
            return new ResponseExtractor<ResponseEntity<Void>>() {

                public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
                    response.getHeaders();
                    response.getStatusCode();
                    tokenEndpointResponse = response;
                    return authExtractor.extractData(response);
                }
            };
        }
    };
    context.setAccessTokenProvider(accessTokenProvider);
}

Example 44 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AuthorizationCodeGrantTests method testAttemptedTokenAcquisitionWithNoRedirect.

@Test
public void testAttemptedTokenAcquisitionWithNoRedirect() throws Exception {
    AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider();
    try {
        OAuth2AccessToken token = provider.obtainAccessToken(resource, new DefaultAccessTokenRequest());
        fail("Expected UserRedirectRequiredException");
        assertNotNull(token);
    } catch (UserRedirectRequiredException e) {
        String message = e.getMessage();
        assertTrue("Wrong message: " + message, message.contains("A redirect is required"));
    }
}

Example 45 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class ClientCredentialsGrantTests method testConnectDirectlyToResourceServer.

@Test
public void testConnectDirectlyToResourceServer() throws Exception {
    ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
    resource.setAccessTokenUri(serverRunning.getUrl("/sparklr2/oauth/token"));
    resource.setClientId("my-client-with-registered-redirect");
    resource.setId("sparklr");
    resource.setScope(Arrays.asList("trust"));
    ClientCredentialsAccessTokenProvider provider = new ClientCredentialsAccessTokenProvider();
    OAuth2AccessToken accessToken = provider.obtainAccessToken(resource, new DefaultAccessTokenRequest());
    OAuth2RestTemplate template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext(accessToken));
    String result = template.getForObject(serverRunning.getUrl("/sparklr2/photos/trusted/message"), String.class);
    assertEquals("Hello, Trusted Client", result);
}